After the scandal

Reputation is everything. At least that's what everyone says. Just ask your insurance broker.

Here's the paradox. For years the risk management divisions of large brokers like Marsh and Aon have been warning clients of one of Warren Buffett's most famous sayings.

"It takes 20 years to build a reputation and five minutes to ruin it," the Sage of Omaha once quipped. "If you think about that, you'll do things differently."

Then in a few months last year, the world's largest insurance brokers seemed to have forgotten their own advice, as New York attorney-general Eliot Spitzer waged war on the industry with allegations of kickbacks and opaque practices.

Now big brokers had to put up with Benjamin Franklin being quoted at them. As he once said: "It takes many good deeds to build a good reputation and only one bad one to lose it."

So how do risk managers go about convincing corporate boardrooms to carry on using the likes of Marsh and Aon in the post-Spitzer era?

How long will a broker's reputation remain a hot issue? Will Spitzer's campaign have ramifications long after he has succeeded or otherwise in his fight to become New York Governor?

This time, don't ask the big brokers. Marsh said it "could not track down" the right person to answer such questions. Aon was similarly unresponsive on the issue. Alexander Forbes said it had been "unable to find anyone available" to discuss it.

Companies whose risk management operations love to warn others of damage to their brands, image and reputation were strangely tongue-tied when it came to their own.

Major aspect

For the rest of the risk management industry, however, it's a fair question.

Airmic executive director David Gamble says: "Reputational risk has been at the top of the Airmic agenda for quite a long time. It is definitely seen as a major aspect of risk for major companies. "The issue of reputation, as we have seen with Arthur Andersen (and Enron), can lead to the collapse of a firm."

Despite this, Gamble believes the big brokers are surviving their loss of reputation pretty well. "You have to say," he notes, "that although the damage to their reputation has been severe, they have nevertheless weathered the storm better than Arthur Andersen did because they are doing business. They have retained sufficient loyalty among their clients to be able to carry on."

Obviously, a major reason why Marsh has fared better than Andersen is that the allegations against it were in no way as severe. However, expectations of an exodus of top-ranked clients have proved ill-founded.

"On a speak-as-you-see basis," says Gamble, "you have to say that undoubtedly some people have made a change of broker because of the Spitzer investigation, but not as many have done it as people thought would.

"Inevitably, it does raise some concern that increasingly people will take large deductibles and do more insurance on their own accounts if they can afford to do so."

Not surprisingly, such rapid falls from grace and the concomitant damage to share prices have led to companies pushing risk management further up the corporate agenda.

Tarnished names

Patrick Dixon, author of a new book called Building a Better Business, believes there is now such an appetite for stories about corporate scandals that even complying with the law may not save companies from seeing their names tarnished.

"Major risks are being taken by insurance companies with compliance," he warns. "They are wasting millions of pounds a year on legal strategies to cope with yesterday's regulations, which should be seen now as an absolutely minimum that can be swept away by public reactions to new stories.

"Compliance may keep you from prison, but it will not stop a personal reputation or brand from being destroyed."

An added problem is email and the internet, which have massively increased the speed and degree by which reputations can be damaged when things get out of hand.

The ubiquity of email has multiplied the ways in which companies can be sued for libel, slander, breaches of confidentiality and intellectual property. Email has also made it easy for computer systems to be damaged by employees forwarding viruses or hacking into other computers.

Companies also face the risk of being sued by their own staff over inappropriate comments made in emails and breaches of confidentiality arising from their personal data being misused.

Such electronic risks and the issue of cyber-liability are emerging as major growth areas in both risk management and insurance and there are plenty of cautionary tales.

One of the best-known UK cases resulted in Norwich Union paying health insurer Western Provident £450,000 in 1999 to settle an action claiming that an e-mail incorrectly alleged Western was about to be investigated by the DTI.

Simon Gilbert, of United Insurance Brokers, says: "Instances of legal cases being built on malicious or offensive emails are on the rise, costing companies ever-increasing amounts."

Hacking attacks

Specialist new insurance products cover costs stemming from defamation and breaches of privacy and intellectual property as a result of electronic communications.

They also protect against business interruption costs as a result of hacking attacks, cover companies against ransom demands or threats to paralyse computer systems by spreading viruses and include the costs of hiring public relations consultants to repair reputational damage.

According to CFC Underwriting, less than one in ten British businesses has specific cover against so-called "e-risks".

Lisa Hansford-Smith, of Marsh's Financial and Professional practice, says: "Many firms assume that if they are managing security, that equals managing risk. However, managed security services provide only the technical response and are just one piece in the puzzle. Unfortunately, as fast as a firewall or intrusion detection system is built, someone out there is figuring out how to breach it."

Cyber-risks and liability are ill-defined and such a recent phenomenon that the legal system is still developing ways of dealing with them. In the meantime, there is an opportunity for insurers to take advantage of an increasingly uncertain and risky business environment.

As for the big brokers, they have redesigned their business models and must hope that the wisdom of seventeenth century bishop Joseph Hall has faded with time. "A reputation once broken may possibly be repaired," he once said. "But the world will always keep their eyes on the spot where the crack was."